CDOT Wiki β

Changes

OPS535-lab-ldap

723 bytes added, 16:22, 3 October 2019
m
Investigation 3: Update LDAP Configuration: - adding line breaks for clarity
==Investigation 1: OpenLDAP Server Setup and Configuration==
{{Admon/important|Warning|Make a backup before you start this lab. It is very difficult to recover this service if you make a mistake in configuration.}}
Perform the following steps on vm1:
<ol>
<li>Start the ldap service ('''slapd'''), and ensure that it will automatically start when your machine boots.
Check the status of the service and ensure that it started without error before continuing.</li>
<li>Use the ldapadd command to add the cosine, nis, and inetorgperson schemata to your server, '''in that order'''.
Use the authentication type '''EXTERNAL''', and '''ldapi:///''' as the host.</li>
<li>List the schema directory again. This time you should see the core schema, along with the three schemata you just added.</li>
<li>Apply those two ldif files to your database.<br />
This time you will need to use simple authentication, identify yourself with a distinguished name (use the ldap administrator whose password you just set), and get prompted for a password.</li>
<li>
Before we start adding users, we need to give the migration tools some information about our domain.
Before you change anything, make a backup of /usr/share/migrationtools/migrate_common.ph in the /root directory.
Modify the following parameters in the original file to the values shown below:
<source>$DEFAULT_MAIL_DOMAIN = "ops535.com";
$DEFAULT_BASE = "dc=ops535,dc=com";
$EXTENDED_SCHEMA = 1;</source>
</li>
 
<li>Create two new users ('''ldapuser1''' and '''ldapuser2''') on your machine, and set their passwords.<br />
Importing those users into your ldap database will take several steps:
<source>grep -w ldapuser2 /etc/passwd >> /root/ldapusers.entry
</source></li>
<li>
Make a backup of /usr/share/migrationtools/migrate_common.ph in the /root directory,
and modify the following parameters in the original file to the values shown below:
<source>$DEFAULT_MAIL_DOMAIN = "ops535.com";
$DEFAULT_BASE = "dc=ops535,dc=com";
$EXTENDED_SCHEMA = 1;</source>
Note that you would '''not''' need to repeat this step when adding other users.
</li>
<li>Use the migrate_passwd.pl script to convert the user information you extracted earlier into an ldif file:
<source>/usr/share/migrationtools/migrate_passwd.pl ldapusers.entry /root/ldapusers.ldif</source>
</ul>
</li>
<li>Use ldapadd to enter this new information into the database. As before, use simple authentication with the distinguished name of the ldap administrator, and get prompted for a password.</li>
<li>Use ldapsearch to confirm that the new users have been added to the database.<br />
You should get output similar to the following:
<source># numEntries: 5
</source></li>
<li>Create an ldif file called group.ldif that will add an organizational unit with the distinguished name '''ou=Group, dc=ops535, dc=com'''. It will act as an organizer for group information.</li>
<li>Use the /etc/group file and migrate_group.pl to create an ldif file that will add the group entries for ldapuser1 and ldapuser2 to your database.</li>
<li>Add the group entries for ldapuser1 and ldapuser2 to your database. Use ldapsearch to confirm that they have been added.</li>
<li>Modify your firewall to allow incoming ldap traffic from your internal zone. Make sure that this change persists past reboot.</li>
</ol>
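As an added example, not part of the lab page or the migrationtools package: a small POSIX shell pre-flight check for the three migrate_common.ph parameters above, plus a generator for the ou=Group entry the group.ldif step asks for, run against a constructed copy of the file so the live /usr/share/migrationtools/migrate_common.ph is never modified. The function names are hypothetical; the expected values are exactly the three the lab lists.

```shell
#!/bin/sh
# Added example (not from the OPS535 lab page): pre-flight checks for the
# migrationtools step and the ou=Group ldif, run against a constructed copy of
# migrate_common.ph so the live file is never touched. Hypothetical helper
# names; the expected values are the three the lab lists.

BASE_DN="dc=ops535,dc=com"
MAIL_DOMAIN="ops535.com"

# Constructed sample: a migrate_common.ph fragment edited as the lab requires.
SAMPLE_PH='$DEFAULT_MAIL_DOMAIN = "ops535.com";
$DEFAULT_BASE = "dc=ops535,dc=com";
$EXTENDED_SCHEMA = 1;'

# ph_value FILE NAME: print the value of the Perl scalar $NAME, quotes stripped.
# Splits on the first "=" only, because the base DN itself contains "=".
ph_value() {
    awk -v name="$2" '
        index($0, "$" name " ") == 1 || index($0, "$" name "=") == 1 {
            v = substr($0, index($0, "=") + 1)
            sub(/;.*$/, "", v); gsub(/[ "]/, "", v)
            print v; exit
        }' "$1"
}

# check_migrate_common FILE: return 0 only if all three parameters match the lab values.
check_migrate_common() {
    rc=0
    for pair in "DEFAULT_MAIL_DOMAIN=$MAIL_DOMAIN" "DEFAULT_BASE=$BASE_DN" "EXTENDED_SCHEMA=1"; do
        name=${pair%%=*}; want=${pair#*=}
        got=$(ph_value "$1" "$name")
        if [ "$got" != "$want" ]; then
            echo "$name is '$got', expected '$want'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# group_ou_ldif: the organizational unit entry the lab asks for in group.ldif.
group_ou_ldif() {
    printf 'dn: ou=Group,%s\nobjectClass: organizationalUnit\nou: Group\n' "$BASE_DN"
}

# Demo on the constructed sample; point it at /usr/share/migrationtools/migrate_common.ph on vm1.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_PH" > "$tmp"
check_migrate_common "$tmp" && echo "migrate_common.ph: all three parameters set"
rm -f "$tmp"
```

Run the check before migrate_passwd.pl: with a wrong DEFAULT_BASE the generated DNs end in a suffix your server does not hold, and ldapadd rejects them.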
==Investigation 3: Update LDAP Configuration==
<ol><li>Add the following user accounts to your LDAP server:<br />
user name: your Seneca ID – password: pick your own<br />
rchan – password: ops535<br />
seneca – password: ops535</li>
<li>Run the ldapsearch command for each user, and confirm that their information is correct.</li>
<li>Consult the man page on ldapdelete to find out how to remove an LDAP user. Delete ldapuser2.</li>
</ol>
 
==Completing the Lab==